Bugtraq mailing list archives

Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload

From: Zeev Suraski <zeev () zend com>
Date: Tue, 5 Sep 2000 01:35:03 +0300

The initial fix published earlier did NOT fix the vulnerability that was
discovered, and could also cause crashes under certain circumstances.  It
could also cause some applications to fail, due to a side effect that
prevents certain valid form variables from being processed correctly.

The correct, tested fixed file (without any side effects) is available at

http://cvsweb.php.net/viewcvs.cgi/~checkout~/php4/main/rfc1867.c?rev=1.45&content-type=text/plain

The diff against version 4.0.2 is available at:

http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u

It is also attached to this message.

Thanks to James Moore for helping me test this fix.

Zeev

Attachment: rfc1867.c.diff
Description:

--
Zeev Suraski   <zeev () zend com>
http://www.zend.com/

Current thread:

(SRADV00001) Arbitrary file disclosure through PHP file upload Secure Reality Advisories (Sep 03)
- Re: (SRADV00001) Arbitrary file disclosure through PHP file upload Signal 11 (Sep 04)
  - Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload Rasmus Lerdorf (Sep 04)
    - Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload Zeev Suraski (Sep 04)
    - Message not available
    - Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure throughPHP file upload Zeev Suraski (Sep 04)
- Re: (SRADV00001) Arbitrary file disclosure through PHP file upload Mads Bach (Sep 04)
- Re: (SRADV00001) Arbitrary file disclosure through PHP file upload Brian Smith (Sep 04)